Cyber Security Expert - Application Security

We're seeking a dynamic and forward-thinking Senior Cyber Security Strategist to join our team. In this pivotal role, you'll have the opportunity to shape the future of cyber security at a leading global biopharmaceutical company.

Key responsibilities:

Strategic Partnership: Partner with product teams to provide strategic and subject matter advice across multiple risk domains, ensuring robust security measures are integrated into all aspects of our operations.

Innovation Leadership: Promote and implement NextGen/predictive monitoring and quality intelligence solutions. You'll be at the forefront of removing barriers to innovation, positioning yourself as a Key Opinion Leader (KOL) in the field.

Compliance and Control Optimization: Translate complex compliance requirements into effective controls and optimized processes, balancing security needs with operational efficiency.

Culture Development: Drive a strong Quality & Risk Culture throughout the organization through education, advisory services, automation, and self-service initiatives.

Digital Trust Building: Contribute to developing trust in Sanofi's digital activities by providing and enhancing security services that protect our stakeholders and assets.

Cross-functional Collaboration: Work closely with various teams across Sanofi to ensure cyber security considerations are integrated into all relevant projects and initiatives.

3. The profile of the colleague wed love to work with

Ideal candidate profile:

• Extensive experience in cyber security, with a strong background in risk management and compliance.
• Proven track record of partnering with product teams and translating technical concepts for non-technical audiences.
• Knowledge of NextGen security technologies and predictive monitoring systems.
• Strong leadership skills with the ability to influence and drive cultural change.
• Excellent communication skills, both written and verbal.
• Innovative mindset with a passion for leveraging cutting-edge technologies to solve complex problems.

Formal Education and Experience Required

• University/Masters Degree in Computer Science, preferably in Cybersecurity.
• Application Security and Penetration testing experience.
• Computer Programming skills, especially in Python,PowerShell, C#, Symfony and API Platform.
• 5 to 7 years of professional experience in application development, of which 3 to 5 years is in DevOps or Cybersecurity.
• Security Certifications like CISSP or CEH (Certified Ethical Hacker) are welcome.

Expertise and Competencies

• Expertise as a penetration tester at the application level.
• Expertise in OWASP and MITRE attack framework.
• Large knowledge in IT, development languages and frameworks and DevOps environments (GitHub), AWS and Azure cloud services.
• Scripting skills in Shell, Python, PowerShell are expected.
• Knowledge in containers technologies (RedHat OpenShift and Kubernetes)
• Leadership and strong communication skills with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.
• Strong decision making and, capacity to balance human effort vs application business value.
• Curiosity and appetite for learning new technologies.
• Appetite for challenges
• Ability to translate complex technical stories into non-technical language is necessary.
• Mastery of English is required.

What is expected:

Main missions:

• Contribute to develop, improve, and promote the DevSecOps activity and associated processes and tools.
• Onboard business applications in DevSecOps processes, with a primary focus on application code review.
• Support the business stakeholders who are developing applications for Sanofi.
• Make understandable the Cyber risks and core review issues, and how to remediate.
• Manage and support our Cyber services toolset in the DevOps ecosystem.
• Build and contribute to deliver the appropriate dashboards to drive our roadmap and business stakeholders engagement.
• undefined
• Key Role: Promote the Cyber roadmap and key services.Promote Digital standard related to application development.Think Cyber-as-a-Service model to empower business stakeholders to take ownership of their applications security.Always contextualize the risk and ensure that it is understood. Strive to make the best decision and maintain the right balance.Do not trust but run checks and controls.Build automation everywhere you can and industrialize our cybersecurity processes.Lead and or contribute to Cyber in-house tools development (end-user web portal, technical services,).
• Digital Environment:
• Total scope of thousands business applications, written in many different languages. Source code hosted in GitHub.Strong objective to automate DevSecOps controls and limit cybersecurity human resources effort.International context and multiple third-party vendors and developers, with variable DevSecOps maturity levels.Strong partnership with Enterprise Architecture and some highly mature departments to define development practices and technologies evolution.Growing investments on IA projects, aligned with Data and AI strategy.
• Daily interactions with European and Americas-based colleagues.
• 4. What you may expect in terms of development opportunitiesOpportunity to work on global, high-impact projects that directly contribute to Sanofi's digital transformation.
• Collaborative and innovative work environment that encourages continuous learning and professional growth.
• Chance to be at the forefront of cyber security in the pharmaceutical industry.
• Competitive compensation and benefits package. Global exposure and the potential to make a significant impact on healthcare through technology.